MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bd4969ee0c511b4c650ea6fbd0456fcce978cf2c1c6ab9acc348c287314dc60b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NanoCore


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bd4969ee0c511b4c650ea6fbd0456fcce978cf2c1c6ab9acc348c287314dc60b
SHA3-384 hash: f1351fe783e5a2e0126c19e70e7626ffcb3af74f47af86c17b1192d88d67bb4f5976f49efd3bce2ba6503a2d4f07091e
SHA1 hash: 8338ff9dae1400c3197276ccf36bf39c4f793ee6
MD5 hash: cc8feb56fa6d01723b11236afbf1d928
humanhash: lima-ack-bakerloo-magazine
File name:RFQ~029873667892~0928763562789.zip
Download: download sample
Signature NanoCore
Create hunting rule
File size:865'321 bytes
First seen:2020-10-27 10:31:18 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:P+YLM6LZ4tD8WNbaSxaMM54EHB1qH6bklmGhjNcktfbBH3LvFHd68abMStHY29D4:PzFeuSxaMMu4PO6b+JXjFH9SplDvQ
TLSH 41053312BCF88C1B5E9C66E9D24744C6EF72CC437C96974B3EE1A32AB1413E9027A754
Reporter abuse_ch
Tags:NanoCore zip


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: viettelidc.com.vn
Sending IP: 103.1.208.228
From: hongquan@paragon.com.vn
Subject: REQUEST FOR QUOTATION.
Attachment: RFQ~029873667892~0928763562789.zip (contains "RFQ~029873667892~0928763562789.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
111
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.AutoIT-3.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.JS.EmbeddedEXE-5.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.AIT.Trojan.Nymeria.1583.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/bd4969ee0c511b4c650ea6fbd0456fcce978cf2c1c6ab9acc348c287314dc60b/
Threat name:
Win32.Trojan.Predator
Create hunting rule
Status:
Malicious
First seen:
2020-10-27 01:04:44 UTC
AV detection:
13 of 48 (27.08%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=xvewt3qmkenuyziou355arlpztuxrtzmdrvltlgdjdbiomknyyfq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

zip bd4969ee0c511b4c650ea6fbd0456fcce978cf2c1c6ab9acc348c287314dc60b

(this sample)

NanoCore

Executable exe 5d9d3139341641ce29a3a0a55b11e04b6e8827d6a5eee973aa66c12887ab0cc4

  
Dropping
MD5 1fe874d083821e1e95dd9e99d2ac768e
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 5d9d3139341641ce29a3a0a55b11e04b6e8827d6a5eee973aa66c12887ab0cc4

Comments